Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2015:209 | First vendor Publication | 2015-04-27 |
Vendor | Mandriva | Last vendor Modification | 2015-04-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783). Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329). Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330). PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:209 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-08-20 | IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-08-11 | PHP core compressed file temp_len buffer overflow attempt RuleID : 35093 - Revision : 3 - Type : SERVER-OTHER |
2015-08-11 | PHP core compressed file temp_len buffer overflow attempt RuleID : 35092 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO |
2016-06-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-10.nasl - Type : ACT_GATHER_INFO |
2015-10-05 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO |
2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO |
2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150709_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1218.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1218.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1218.nasl - Type : ACT_GATHER_INFO |
2015-06-25 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150623_php_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1135.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1135.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1135.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1018-1.nasl - Type : ACT_GATHER_INFO |
2015-06-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3280.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-352.nasl - Type : ACT_GATHER_INFO |
2015-04-30 | Name : The remote Debian host is missing a security update. File : debian_DLA-212.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-209.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6399.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1e232a0ceb5711e4b5954061861086c1.nasl - Type : ACT_GATHER_INFO |
2015-04-24 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6407.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_8.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_24.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_4_40.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6195.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-10.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2572-1.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-509.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-511.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-510.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-06-11 00:29:08 |
|
2015-06-10 21:30:42 |
|
2015-06-10 00:28:49 |
|
2015-04-29 13:28:49 |
|
2015-04-27 13:28:57 |
|